" hipaa compliance Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more
LUXSCI

Posts Tagged ‘hipaa compliance’

Case Study: Securely Email Medical Laboratory Results to Patients

Thursday, February 1st, 2018

We count many medical laboratories among our customers.  They process lab tests for doctors and send the results to the patients via email.

Medical laboratories, while sometimes not HIPAA covered entities themselves, are Business Associates of hospitals and doctors who are required to abide by HIPAA.  By the “transitive” nature of the HIPAA privacy laws, such Business Associates must take pains to abide by HIPAA security and privacy standards, protecting patient data and ensuring confidentiality.

In order to send patients their results via email, these labs must use a HIPAA-compliant system that can send email to anyone with an email address.

This post describes how one large medical lab uses LuxSci’s SecureLine to safely deliver lab results to 1000s of people every day.

Read the rest of this post »

Opt-In Email Encryption is Too Risky for HIPAA Compliance

Tuesday, July 11th, 2017

A majority of companies and hospitals that offer email encryption for HIPAA compliance allow senders to “opt in” to encryption on a message-by-message basis.  That is, if the sender “does nothing special,” the email is sent in the normal, insecure manner of email in general.  If the sender explicitly checks a box or adds some special content to the body or subject of the message, then it is encrypted and HIPAA compliant.

Opt-in encryption is desirable because it is “easy” … end users don’t want any extra work and don’t want encryption requirements to bog them down, especially if many of their messages do not contain PHI.  It is “good for usability” and thus easy to sell.

However, opt-in encryption is a very bad idea with the inception of the HIPAA Omnibus rule.  Opt-in encryption imposes a large amount of risk on an organization, which grows exponentially with the size of the organization.  Organizations are responsible for the mistakes and lapses of their employees; providing an encryption system where inattention can lead to a breach is something to be very wary of.

Read the rest of this post »

HIPAA-Compliance eBook Series

Wednesday, May 31st, 2017

LUXSCI RELEASES FREE HIPAA-COMPLIANCE EBOOK SERIES

New series further explains secure email, texting, websites, web forms and email marketing.

BOSTON, MA – May 30, 2017 – LuxSci (www.luxsci.com), the HIPAA-compliant Internet and Email Security experts, have just released their 3-part eBook series on HIPAA-compliant communications, aimed at healthcare organizations in need of additional information to help them better understand the methods and technologies available for safeguarding their practice and protecting patient privacy.

In the first eBook, “HIPAA-Compliant Email Basics”, LuxSci discusses HIPAA and ePHI, the provisions of the HIPAA email security rule, risk analysis and the need for encryption, and takes a closer look at Gmail and Google Apps.

The next eBook, “HIPAA-Compliant Website Basics”, defines what is required from HIPAA-compliant websites, website hosting, and web forms.

The final eBook, “HIPAA-Compliant Bulk Emailing Basics”, is a technical guide to email marketing and outlines best practices for list maintenance, large-scale sending strategies, IP reputation challenges, SPF and DKIM considerations, and HIPAA-compliance specifics.

Erik Kangas, Ph.D. and CEO of LuxSci says, “Online communications technologies are pervasive and they can really help a healthcare organization stay current and engaged.  Understanding the technologies, the risks, and the best practices are the first steps to getting started in a productive, compliant, and profitable direction.  These eBooks provide a great deal of guidance, enabling you to get started quickly.”

To download these free eBooks and find out how LuxSci can help with HIPAA compliance, click here.

If my web site is very simple, do I have to worry about HIPAA compliance?

Friday, March 24th, 2017

We received this question via Ask Erik from a Physicians’ Association:

“Our company website does not contain any patient information.  As a healthcare group, do we need to worry about HIPAA compliance for our site? It contains forms, news and some company policies and procedures but no patient information whatsoever. Thank you.”

Thank you for your question!  Here, we delve into how you can answer this for your site.

Read the rest of this post »

What is the least expensive way I can get my company HIPAA Certified?

Thursday, April 14th, 2016


A common question posed to Ask Erik involves how small organizations can get “HIPAA certified” quickly and with minimal expense.  These questions stem from desperation (people know that they are not compliant), fear (people know that non-compliance is extremely risky in terms of potential fines and bad publicity, not to mention risk to their customers/patients), lack of an understanding of HIPAA (they do not really know what getting “HIPAA certified” means), and lack of resources (time and money are both scarce).  Organizations in this situation know that they need to take steps for compliance ASAP, but they may not know what those steps are and really want to allocate the minimum possible time or money towards them.

What does getting “HIPAA Certified” mean?

The first hurdle is that there is no official, government-sanctioned HIPAA certification program.  So, there is no way to be officially “HIPAA certified” and thus be “all set.”  What you really must do is strive to be HIPAA-compliant in all aspects of your business that deal with Protected Health Information (PHI) and strive to keep up with your changing organization and the changing compliance landscape over time.

So how can I be HIPAA-compliant?

This is an ongoing process, but here are some steps to get started:

Read the rest of this post »
